Julien Tinnes reported that bip does not check the number of open file descriptors against FD_SETSIZE, resulting in a buffer overflow that is supposed to be exploitable. Fix: https://projects.duckcorp.org/projects/bip/repository/revisions/222a33cb84a2e52ad55a88900b7895bf9dd0262c
I'm assuming there's a release right around the corner.
No release yet, went for a revbump. Arches, please test and mark stable: =net-irc/bip-0.8.8-r1 Target keywords : "amd64 x86"
amd64 stable
x86 stable
B1 should be good. Filed new glsa request. Thanks everyone.
CVE-2012-0806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0806): Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors.
This issue was resolved and addressed in GLSA 201201-18 at http://security.gentoo.org/glsa/glsa-201201-18.xml by GLSA coordinator Alex Legler (a3li).
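An added C example of the bound the report and the CVE entry above refer to; it is not bip's code or the upstream fix, and the helper names (`fdset_add_checked`, `admit_fd`, `cap_nofile_to_fdsetsize`) are hypothetical. It refuses descriptors that do not fit in an `fd_set` and caps the soft `RLIMIT_NOFILE` so the kernel stops handing them out.

```c
#include <errno.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical helper: FD_SET() does no range check, so an fd >= FD_SETSIZE
 * writes past the end of the fd_set. Refuse such descriptors up front. */
static int fdset_add_checked(fd_set *set, int fd, int *maxfd)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EBADF;
        return -1;
    }
    FD_SET(fd, set);
    if (fd > *maxfd)
        *maxfd = fd;
    return 0;
}

/* Hypothetical helper: take ownership of a new descriptor (for example one
 * returned by accept()); close it when select() cannot represent it. */
static int admit_fd(fd_set *set, int fd, int *maxfd)
{
    if (fdset_add_checked(set, fd, maxfd) == 0)
        return fd;
    if (fd >= 0)
        close(fd);
    return -1;
}

/* Cap the soft RLIMIT_NOFILE at FD_SETSIZE so new descriptors fail with
 * EMFILE instead of landing outside the fd_set. Returns the soft limit. */
static long cap_nofile_to_fdsetsize(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    if (rl.rlim_cur > (rlim_t)FD_SETSIZE) {
        rl.rlim_cur = FD_SETSIZE;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
            return -1;
    }
    return (long)rl.rlim_cur;
}

int main(void)
{
    fd_set rd; int maxfd = -1; FD_ZERO(&rd);
    return cap_nofile_to_fdsetsize() < 0 || admit_fd(&rd, FD_SETSIZE, &maxfd) != -1;
}
```

The rlimit cap and the per-descriptor check cover each other: the cap keeps the kernel from issuing out-of-range numbers, and the check still holds if a descriptor is inherited or the limit is raised later.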